msFilterList
# Title: 💊 Dandelion Sprout's Anti-Malware List (Internet Explorer TPL)
# Version: 21October2020v1-Beta
: expires = 5
# Description: Most anti-malware lists are pretty big and can cover a 5- or 6-digit amount of specific domains. But my list hereby claims to remove more than 25% of all known malware sites with just a 2-digit amount of entries. This is mostly done by blocking top-level domains that have become devastatingly abused by spammers, usually because they allowed for free and uncontrolled domain registrations. There are also additional categories that cover unusual malware and phishing domains that very few other lists seem to cover.
# For other security-specific lists I've made, check out https://github.com/DandelionSprout/adfilt/tree/master/Special%20security%20lists
# For more information, details, helpful tools, and other lists that I've made, visit https://github.com/DandelionSprout/adfilt/blob/master/Wiki/General-info.md#english

# ——— Bad top-level domains ———
# You can expect these domains to have an overwhelming majority of malware domains that have nothing to do with the countries in question. Nevertheless, if you are in a situation where you have to do active business in any of the countries in question, then this list may not be ideal for you.
# Tokelau
-d tk
+d coolcmd.tk
+d budterence.tk
+d google.tk
+d transportnews.tk
+d c0d3c.tk
+d anonytext.tk
+d tokelau-info.tk
+d fakaofo.tk
+d loljp-wiki.tk
+d ninetail.tk
+d goshujin.tk
+d graph.tk
+d haopro.tk
+d dls2.pokeacer.tk
+d nolfrevival.tk~coppersurfer.tk
# Gabon
-d ga
+d google.ga
+d filtri-dns.ga
+d dgdi.ga~voitures.ga
# Mali
-d ml
+d google.ml
+d mobili.ml
+d melody.ml~dcod.ml
# Equatorial Guinea
-d gq
+d deimos.gq
+d inege.gq
+d tvgelive.gq~comprarcarros.gq
# Central African Republic
-d cf
+d google.cf
+d rths.cf
+d voitures.cf
+d assembleenationale-rca.cf
+d cps-rca.cf~acap.cf
# Palau
-d pw
+d libgen.pw
+d petridish.pw~palaugov.pw
# International topical domains that have consistently horrendous scores on watchlists of bad TLDs, and whose use for legit purposes is practically non-existent.







# ——— Attempted removal of Google search result entries that lead to the above top-level domains (Advanced adblockers only) ———

# ——— You know those ultra-fraudulent auto-generated things that clutter up Google searches? These entries should remove some of them. ———

# ——— For Google Mobile ———
# Note for Fennec F-Droid (prev. pre-cataclysm Firefox for Android) users: I strongly recommend the use of https://addons.mozilla.org/firefox/addon/google-search-fixer/ for use on Firefox for Android, thus the entries are written for the Chrome version of Google Mobile.

# ——— Old dead tech-related domains ———
# Domains that used to host lists for adblockers or "hosts" tools, but which are now either used by malware pushers, or could potentially be snapped up by them.
-d adblock.gjtech.net
-d spam404bl.com
-d 109.201.135.46
-d hufilter.hu
-d fredfiber.no
-d securemecca.com
-d 1hos.cf
-d 1hosts.cf
-d everythingisnt.com
-d vin-plastiks.com
-d adblock-listefr.com
-d intr0.cf
-d njabl.org
-d dutchmega.nl
-d juvander.net
-d ssl.bblck.me
# Malicious domains found in videogame manuals
-d acclaimsports.com
-d acclaimmaxsports.com
-d hip-games.com
-d thq.com.au
-d gp32.com
-d kidnkid.com
-d b-shooter.com
-d 100-9.com
# Dead router connection URIs
# To log in to TP-Link routers, use tplinkwifi.net instead.
-d tplinklogin.net
-d tplinkextender.net
# Old Linux-related domains
# How these links still remain in Unetbootin is anyone's guess.
-d dreamlinux.com.br
-d dreamlinux.net
-d dreamlinux.info
-d hacktolive.org
-d mandriva.com
# Fraudulent browser extensions
-d ublock.org
-d 138.68.252.54
-d jspenguin2017.github.io
-d useragentswitch.com
-d dev-nano.com
- socket.io

# ——— IQ test sites that make you waste heaps of time by taking the test, and then try to charge you to see the results. ———
-d funeducation.com
-d iq-research.info
-d iq-test.co.uk
-d iqtest.co.uk
-d iqtest.com
-d iqtestnow.org
-d iqtestonline24.com
-d test-iq.org
-d officialiqtests.com

# ——— Links to PC "optimising" "tool" PUPs that'll most likely stuff your PC full of nagware and malware ———
# ReImagePlus (Also added to "uBlock Filters - Badware Risks")
# https://windowsreport.com/extend-windows-laptop-battery-life/
# https://appuals.com/fix-error-0x800701e3-on-windows-7-8-1-10/
# https://ugetfix.com/ask/how-to-fix-windows-store-error-0x8000ffff/
# https://www.thewindowsclub.com/fix-windows-update-error-0xc1900130-on-windows-10
# https://www.majorgeeks.com/files/details/patch_my_pc.html
-d majorgeeks.com images icons red_icon_18x17px.png
# https://www.2-spyware.com/remove-redirector-gvt1-com.html
# ScanUtilities
# https://www.bynarycodes.com/fix-windows-10-update-error-0x80070006/
# Driver Easy
# https://www.drivereasy.com/knowledge/fix-critical-service-failed-blue-screen-error-on-windows-10/
# https://www.drivereasy.com/knowledge/fixed-how-to-fix-stop-error-0x0000001e/
# https://www.drivereasy.com/knowledge/download-gigabyte-audio-driver/
# https://www.drivereasy.com/knowledge/epson-xp-420-driver-update-for-windows-7-8-and-10/
# https://www.drivereasy.com/knowledge/solved-this-display-does-not-support-hdcp/
# Slimware DriverUpdate
# https://forums.windowscentral.com/
# Driverpack Online (Accidentally also fixed in EasyPrivacy and «AdGuard Mobile Ads»)
-d google-analytics.com
# SpyHunter links
# https://howtoremove.guide/redirector-gvt1-com-virus-malware-chrome-removal/
# https://www.2-spyware.com/remove-redirector-gvt1-com.html

# Common scam domain patterns
- (apps?|best|competition|game|mobile|play|prize|reward|sweeps)[0-9]{2,8}\.[a-z-]{5,22}[0-9]{1,8}\.(icu|life|live) 

# https://github.com/AdguardTeam/AdguardFilters/issues/58737



# ——— Banner for "MSN New Tab" ———

# ——— Download sites that felt shoddy to me (Most of which, if not all of which, had real non-ad download links that contained malware .exe files) ———
# If you're in a situation where you need to torrent something, such as for hard-to-buy or region-locked games, or games that you own for consoles that lack accessible rip tools, you can at least try to use sites that have legit downloads with the actual game files.
-d coolrom.com
-d freeroms.com
-d portalroms.com
-d romsmania.com
-d loveroms.com
-d portableroms.com

# ——— Entries from «abuse.ch ZeuS Blocklist», which was discontinued on the 8th of July 2019. ———
-d afobal.cl
-d alvoportas.com.br
-d blogerjijer.pw
-d bright.su
-d domnicpeter.in.net
-d dzitech.net
-d fadzulani.com
-d hruner.com
-d interlogistics.com.vn
-d ivansaru.418.com1.ru
-d jangasm.org
-d kesikelyaf.com
-d ns511849.ip-192-99-19.net
-d ns513726.ip-192-99-148.net
-d panel.vargakragard.se
-d sanyai-love.rmu.ac.th
-d servmill.com
-d ssl.sinergycosmetics.com
-d telefonfiyatlari.org
-d update.rifugiopontese.it
-d vodahelp.sytes.net
-d witkey.com

# ——— Truly extraordinary cases of sites so bad that it counts as malware that directly affects human brains ———
# https://www.reddit.com/r/insanepeoplefacebook/comments/czvv5i/incel_tracking_down_a_mother_of_a_murdered/
-d incels.co

# ——— Browser extension store entries for notoriously poor or malicious adblocker forks ———
# Note: Currently the entries only work properly on AdGuard for Windows/Mac, due to what seems to be limitations placed on browser extensions.
# Chrome Web Store
# Mozilla Add-ons
# Homepages
-d adblock.biz
-d the1adblocker.com

# ——— Wrong suffixes of legitimate sites ———
# https://new.reddit.com/r/dwarffortress/comments/e4srco/be_sure_to_use_org_instead_of_com_when_going_to/
-d dwarffortresswiki.com
-d 103.224.212.249
-d speedtest.com

# ——— Frequently used to infiltrate and maliciously redirect sites, e.g. ToonBarn ———
-d ppc.netnet44.net
-d tncrun.net






-d 54.174.156.141
-d lucretius-ada.com
-d tango-deg.com
-d ezekiel-sam.com
-d franciscus-ful.com
-d hippolyte-hag.com
-d india-abc.com
-d leontius-eli.com
-d mohini-ger.com
-d nethaneel-has.com
-d ortrun-adi.com
-d paramonos-oha.com
-d paula-secundinus.com
-d photios-raj.com
-d proserpina-zeb.com
-d ieronimus-kay.com
-d fredagty.com
-d lordagty.com
-d madagty.com
-d onsdagty.com
-d zeroredirect5.com
-d 54.209.22.226
-d 54.91.125.197
-d 52.202.53.245
-d 35.175.38.64
-d 35.168.147.213
-d 34.230.160.215
-d 3.226.8.132
-d 3.216.243.46
-d maowaotodowoo.net
-d roamingclicks.com
# Source: demonoid.pw
-d veremund-hon.com
# Source: desidert.no
-d collectfasttracks.com
# Source: vn-zoom.com
-d ttnrd.com





-d 54.152.245.247
-d 35.172.40.232
-d 3.90.125.85

# ——— Found in random witness reports online ———
# https://twitter.com/SUNgoddessOKAMI/status/1221295265195405315
-d deviuser.com
# https://github.com/AdguardTeam/AdguardFilters/issues/61838
- scan-update-and-protect-your-browser.html
# https://github.com/AdguardTeam/AdguardFilters/issues/61755
# https://github.com/AdguardTeam/AdguardFilters/issues/61743
- ://(www\.)?cunt[a-z]{3,8}\.com(/
# https://github.com/easylist/easylist/issues/6111
-d watch-video.net
-d findmedia.biz
-d whiteclick.biz
-d ilo134ulih.com
-d hooligapps.com
-d best202*-games-web1.com
-d theonlygames.com

# ——— Gobshite copypasted Android rooting "guides" (often with fake titles) that bricked two of my phones ———
# Most of the guides haven't even accounted for how modern phones have replaced the recovery environment with an extra boot environment, leading to very critical Fastboot commands not working and/or bricking the phone.
-d unofficialtwrp.com
-d androidweblog.com
-d hardreset.info

# ——— If you run a webserver of any sort, and you get incoming requests to resolve these domains, that's rarely a good sign for that requestor's intentions ———

-d version.server
-d id.server
-d dominiosvision.com
-d hitnslab.cn
-d hitnslab.xyz


# ——— Zero-width spaces and hyphens in lookalike domains ———
# uBO support is removed until https://github.com/uBlockOrigin/uBlock-issues/issues/1146 is resolved

­*
​*


# ——— Since I very, very often have to go from "raw.githubusercontent.com" to "github.com" by means of manual address bar highlighting, I feel I could need some kind of protection insurance in case I highlight 2mm off-course one day. ———
-d githubus.com
-d githubu.com
-d githu.com
-d rawgithub.com
-d awgithub.com
-d wgithub.com
-d githubuser.com
-d rgithub.com

# ——— Usually used by various groups who buy old domains and display illicit ads on them ———

# ——— Temp hotfix for https://github.com/AdguardTeam/AdGuardHome/issues/1835 ———
- \\ 


# Oddly enough, there seems to be no need to couple it with "@@ :\\ ", since web browsers convert Windows filenames from backwards to forwards slashes.

# ——— User-submitted entries ———
# https://github.com/DandelionSprout/adfilt/issues/71
-d imgvieweriri.com

# Placeholder line for alternate list versions
